{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38580", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-18T19:36:34.927Z", "datePublished": "2024-06-19T13:37:37.840Z", "dateUpdated": "2024-09-11T17:34:55.453Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-06-19T13:37:37.840Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nepoll: be better about file lifetimes\n\nepoll can call out to vfs_poll() with a file pointer that may race with\nthe last 'fput()'. That would make f_count go down to zero, and while\nthe ep->mtx locking means that the resulting file pointer tear-down will\nbe blocked until the poll returns, it means that f_count is already\ndead, and any use of it won't actually get a reference to the file any\nmore: it's dead regardless.\n\nMake sure we have a valid ref on the file pointer before we call down to\nvfs_poll() from the epoll routines."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/eventpoll.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "cbfd1088e24e", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "559214eb4e5c", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "4f65f4defe4e", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "16e3182f6322", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "4efaa5acf0a1", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/eventpoll.c"], "versions": [{"version": "5.15.161", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.93", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.33", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8.12", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/cbfd1088e24ec4c1199756a37cb8e4cd0a4b016e"}, {"url": "https://git.kernel.org/stable/c/559214eb4e5c3d05e69428af2fae2691ba1eb784"}, {"url": "https://git.kernel.org/stable/c/4f65f4defe4e23659275ce5153541cd4f76ce2d2"}, {"url": "https://git.kernel.org/stable/c/16e3182f6322575eb7c12e728ad3c7986a189d5d"}, {"url": "https://git.kernel.org/stable/c/4efaa5acf0a1d2b5947f98abb3acf8bfd966422b"}], "title": "epoll: be better about file lifetimes", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:25.965Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/cbfd1088e24ec4c1199756a37cb8e4cd0a4b016e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/559214eb4e5c3d05e69428af2fae2691ba1eb784", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4f65f4defe4e23659275ce5153541cd4f76ce2d2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/16e3182f6322575eb7c12e728ad3c7986a189d5d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4efaa5acf0a1d2b5947f98abb3acf8bfd966422b", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38580", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:13:59.808885Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:55.453Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/cbfd1088e24ec4c1199756a37cb8e4cd0a4b016e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/559214eb4e5c3d05e69428af2fae2691ba1eb784", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4f65f4defe4e23659275ce5153541cd4f76ce2d2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/16e3182f6322575eb7c12e728ad3c7986a189d5d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4efaa5acf0a1d2b5947f98abb3acf8bfd966422b", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:25.965Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38580", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:13:59.808885Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:26.860Z"}}], "cna": {"title": "epoll: be better about file lifetimes", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "cbfd1088e24e", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "559214eb4e5c", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "4f65f4defe4e", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "16e3182f6322", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "4efaa5acf0a1", "versionType": "git"}], "programFiles": ["fs/eventpoll.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.15.161", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.93", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.33", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.12", "versionType": "custom", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/eventpoll.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/cbfd1088e24ec4c1199756a37cb8e4cd0a4b016e"}, {"url": "https://git.kernel.org/stable/c/559214eb4e5c3d05e69428af2fae2691ba1eb784"}, {"url": "https://git.kernel.org/stable/c/4f65f4defe4e23659275ce5153541cd4f76ce2d2"}, {"url": "https://git.kernel.org/stable/c/16e3182f6322575eb7c12e728ad3c7986a189d5d"}, {"url": "https://git.kernel.org/stable/c/4efaa5acf0a1d2b5947f98abb3acf8bfd966422b"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nepoll: be better about file lifetimes\n\nepoll can call out to vfs_poll() with a file pointer that may race with\nthe last 'fput()'. That would make f_count go down to zero, and while\nthe ep->mtx locking means that the resulting file pointer tear-down will\nbe blocked until the poll returns, it means that f_count is already\ndead, and any use of it won't actually get a reference to the file any\nmore: it's dead regardless.\n\nMake sure we have a valid ref on the file pointer before we call down to\nvfs_poll() from the epoll routines."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-06-19T13:37:37.840Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38580", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:34:55.453Z", "dateReserved": "2024-06-18T19:36:34.927Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-06-19T13:37:37.840Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nepoll: be better about file lifetimes\n\nepoll can call out to vfs_poll() with a file pointer that may race with\nthe last 'fput()'. That would make f_count go down to zero, and while\nthe ep->mtx locking means that the resulting file pointer tear-down will\nbe blocked until the poll returns, it means that f_count is already\ndead, and any use of it won't actually get a reference to the file any\nmore: it's dead regardless.\n\nMake sure we have a valid ref on the file pointer before we call down to\nvfs_poll() from the epoll routines."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: epoll: mejore la duraci\u00f3n de los archivos epoll puede llamar a vfs_poll() con un puntero de archivo que puede competir con el \u00faltimo 'fput()'. Eso har\u00eda que f_count bajara a cero, y aunque el bloqueo ep->mtx significa que el desmontaje del puntero del archivo resultante se bloquear\u00e1 hasta que regrese la encuesta, significa que f_count ya est\u00e1 muerto y no se podr\u00e1 utilizar. De hecho, ya no obtengo una referencia al archivo: est\u00e1 muerto de todos modos. Aseg\u00farese de tener una referencia v\u00e1lida en el puntero del archivo antes de llamar a vfs_poll() desde las rutinas de epoll."}], "id": "CVE-2024-38580", "lastModified": "2024-06-20T12:44:01.637", "metrics": {}, "published": "2024-06-19T14:15:18.057", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/16e3182f6322575eb7c12e728ad3c7986a189d5d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4efaa5acf0a1d2b5947f98abb3acf8bfd966422b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4f65f4defe4e23659275ce5153541cd4f76ce2d2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/559214eb4e5c3d05e69428af2fae2691ba1eb784"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cbfd1088e24ec4c1199756a37cb8e4cd0a4b016e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:4928", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.28.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-07-31T00:00:00Z"}, {"advisory": "RHSA-2024:4928", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.28.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-07-31T00:00:00Z"}], "bugzilla": {"description": "kernel: epoll: be better about file lifetimes", "id": "2293412", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293412"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nepoll: be better about file lifetimes\nepoll can call out to vfs_poll() with a file pointer that may race with\nthe last 'fput()'. That would make f_count go down to zero, and while\nthe ep->mtx locking means that the resulting file pointer tear-down will\nbe blocked until the poll returns, it means that f_count is already\ndead, and any use of it won't actually get a reference to the file any\nmore: it's dead regardless.\nMake sure we have a valid ref on the file pointer before we call down to\nvfs_poll() from the epoll routines.", "A flaw was found in the Linux kernel. Inappropriate file lifetime handling may lead to availability issues."], "name": "CVE-2024-38580", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-38580\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-38580\nhttps://lore.kernel.org/linux-cve-announce/2024061948-CVE-2024-38580-d87f@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 5.15.161, kernel 6.1.93, kernel 6.6.33, kernel 6.8.12, kernel 6.9"}